Package: udev
Version: 0.124-3
Severity: normal
With a separate script for setting up udev (mounting tmpfs and creating device
nodes), we can avoid granting excessive permissions to the regular init.d
scripts under SE Linux. It also makes it a little easier to understand what
the udev script does, and therefore easier for anyone else who wants to work
with the code in question.
Here is the new /sbin/start_udev script:
#!/bin/sh -e
# Detach /dev/pts/ and /dev/shm/ when they are mount points. They have to be
# unmounted here and remounted later over the tmpfs.
# umount flags: -n skips the mtab update, -l detaches lazily.
unmount_devpts() {
  local mnt
  for mnt in /dev/pts/ /dev/shm/; do
    if mountpoint -q "$mnt"; then
      umount -n -l "$mnt"
    fi
  done
}
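# Mount a tmpfs over /dev unless /proc/mounts already lists a tmpfs there.
# Globals:  tmpfs_size (read) - value for the tmpfs size= option
# Returns:  0 when /dev already was or now is a tmpfs, 1 when the mount failed
mount_tmpfs() {
  if grep -E -q "^[^[:space:]]+ /dev tmpfs" /proc/mounts; then
    return 0
  fi

  # The option string is quoted so that a tmpfs_size containing whitespace
  # stays inside size= instead of turning into extra mount arguments.
  if ! mount -n -o "size=$tmpfs_size,mode=0755" -t tmpfs tmpfs /dev; then
    log_failure_msg "udev requires tmpfs support, not started."
    log_end_msg 1
    # Fail explicitly: without this the function would go on to relabel /dev
    # and report success whenever log_end_msg itself does not abort the script.
    return 1
  fi

  # relabel the new tmpfs accordingly
  [ -x /sbin/restorecon ] && /sbin/restorecon /dev

  return 0
}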
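# I hate this hack. -- Md
#
# Populate /dev with the static entries from /lib/udev/devices/ and with the
# entries listed in /etc/udev/links.conf.
# links.conf lines are read as "<type> <name> <args>", where type is
#   L  symlink /dev/<name> pointing at <args>
#   D  directory /dev/<name>
#   M  device node /dev/<name>, <args> handed to mknod (e.g. type major minor)
# Lines starting with '#' and empty lines are skipped, and a /dev/<name> that
# already exists is left alone.
# NOTE(review): <name> is used as a path below /dev without any validation, so
# links.conf has to be protected like code (presumably root-owned; verify).
# Returns: 0 when links.conf is absent; otherwise the status of the read loop.
make_extra_nodes() {
  if [ "$(echo /lib/udev/devices/*)" != "/lib/udev/devices/*" ]; then
    cp --archive --update /lib/udev/devices/* /dev/
  fi

  [ -e /etc/udev/links.conf ] || return 0
  grep '^[^#]' /etc/udev/links.conf | \
  while read -r type name arg1; do
    if [ -z "$type" ] || [ -z "$name" ]; then
      continue
    fi
    if [ -e "/dev/$name" ] || [ -L "/dev/$name" ]; then
      continue
    fi

    # Paths are quoted so a glob character in a name is never expanded.
    # $arg1 stays unquoted for mknod only: it carries several arguments.
    case "$type" in
      L) ln -s "$arg1" "/dev/$name" ;;
      D) mkdir -p "/dev/$name" ;;
      M) mknod -m 600 "/dev/$name" $arg1 ;;
      *)
        log_warning_msg "links.conf: unparseable line ($type $name $arg1)"
        # Nothing was created for this line, so there is nothing to relabel;
        # a failing restorecon here would abort the loop under "sh -e".
        continue
        ;;
    esac

    if [ -x /sbin/restorecon ]; then
      /sbin/restorecon "/dev/$name"
    fi
  done
}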
# Shell stand-in for /usr/bin/tty: print what standard input
# (/proc/self/fd/0) points at.
# Prints nothing when /bin/readlink is not executable or the /proc entry is
# missing. Always returns 0; a readlink failure is ignored.
# Note: the check is on /bin/readlink, the call itself goes through PATH.
my_tty() {
  if [ ! -x /bin/readlink ] || [ ! -e /proc/self/fd/0 ]; then
    return 0
  fi
  readlink --silent /proc/self/fd/0 || :
}
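# Print a warning and pause for 60 seconds when the script appears to have
# been started from an interactive terminal.
# Globals:  RUNLEVEL, PREVLEVEL (read); TTY (written)
# Outputs:  the warning text on stdout
# Returns:  0
warn_if_interactive() {
  # RUNLEVEL=S with PREVLEVEL=N is taken as "not interactive" (presumably the
  # values seen during the initial boot; confirm against the init system).
  if [ "$RUNLEVEL" = "S" ] && [ "$PREVLEVEL" = "N" ]; then
    return 0
  fi

  TTY=$(my_tty)
  case "$TTY" in
    ""|/dev/console|/dev/null) return 0 ;;
  esac

  # $0 and $* are passed as printf arguments rather than spliced into the
  # format string, so a '%' or backslash in them is printed literally.
  # NOTE(review): inside a function $* holds the function's own arguments; the
  # visible caller passes none, so only $0 is shown.
  printf '\n\n\nIt has been detected that the command\n\n\t%s %s\n\n' "$0" "$*"
  printf "has been run from an interactive shell.\n"
  printf "It will probably not do what you expect, so this script will wait\n"
  printf "60 seconds before continuing. Press ^C to stop it.\n"
  printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
  sleep 60
}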
##############################################################################
# Fixed search path: every unqualified command used by this script (mount,
# grep, udevd, udevadm, ...) is looked up in /sbin and /bin only.
PATH="/sbin:/bin"
# defaults; udev.conf is sourced afterwards and may assign other values
tmpfs_size="10M"
udev_root="/dev"
# udev.conf is sourced, i.e. executed as shell code with the privileges of
# this script. NOTE(review): it should be writable by root only - confirm the
# file mode shipped by the package.
if [ -e /etc/udev/udev.conf ]; then
. /etc/udev/udev.conf
fi
# The log_*_msg helpers called in this script are not defined in it;
# presumably they come from this file.
. /lib/lsb/init-functions
##############################################################################
# this is experimental and may not work well
# UDEV_DISABLED is not assigned anywhere in this script; presumably it comes
# from udev.conf or the environment - confirm. When it is "yes", udev_root
# moves away from /dev, which selects the "udev_root != /dev" path below.
if [ "$UDEV_DISABLED" = "yes" ]; then
udev_root=/etc/udev/.dev
UDEV_ROOT=$udev_root
fi
##############################################################################
# When modifying this script, do not forget that between the time that the
# new /dev has been mounted and udevadm trigger has been run there will be
# no /dev/null. This also means that you cannot use the "&" shell command.
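# Two set-up paths, selected by udev_root:
#   udev_root != /dev  mount a tmpfs on udev_root, then start udevd and
#                      trigger the hotplug events from here;
#   udev_root == /dev  prepare /dev only (tmpfs, static nodes, .udev/db/).
# udev_root and tmpfs_size can be assigned by the sourced udev.conf, so every
# expansion of them is quoted to keep each one a single argument.
if [ "$udev_root" != "/dev" ]; then
  log_warning_msg "udev_root != /dev/"

  if [ -e "$udev_root/.udev/" ]; then
    if mountpoint -q "$udev_root/"; then
      log_failure_msg "udev is already active on $udev_root."
      # NOTE(review): nothing stops the script explicitly here; it presumably
      # relies on log_end_msg returning 1 under "sh -e" - confirm.
      log_end_msg 1
    else
      log_warning_msg ".udev/ already exists on the static $udev_root!"
    fi
  fi

  # Writes an empty line to uevent_helper (presumably to clear the kernel's
  # hotplug helper before udevd takes over - confirm).
  echo > /sys/kernel/uevent_helper

  mount -n -o "size=$tmpfs_size,mode=0755" -t tmpfs tmpfs "$udev_root"
  mkdir -p "$udev_root/.udev/db/"

  log_daemon_msg "Starting the hotplug events dispatcher" "udevd"
  # The command is tested in "if" so that a failure is not caught by "sh -e"
  # before its status has been handed to log_end_msg.
  if udevd --daemon; then
    log_end_msg $?
  else
    log_end_msg $?
  fi

  log_action_begin_msg "Synthesizing initial hotplug events"
  if udevadm trigger; then
    log_action_end_msg $?
  else
    log_action_end_msg $?
  fi
else
  # NOTE(review): TMPFS_MOUNTED is never initialised, so a value inherited
  # from the environment would skip the tmpfs mount below - confirm that the
  # callers start this script with a clean environment.
  if [ -e "$udev_root/.udev/" ]; then
    if mountpoint -q "$udev_root/"; then
      # /dev is already a mount point that holds a .udev/ directory
      TMPFS_MOUNTED=1
    else
      log_warning_msg ".udev/ already exists on the static $udev_root!"
    fi
  else
    warn_if_interactive
  fi

  echo > /sys/kernel/uevent_helper

  if [ -z "$TMPFS_MOUNTED" ]; then
    unmount_devpts
    mount_tmpfs
    [ -d /proc/1 ] || mount -n /proc
  else
    # set the SELinux context for devices created in the initramfs
    [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
    # and clean up the database of the initramfs udev
    rm -rf /dev/.udev/
  fi

  # /dev/null must be created before udevd is started
  make_extra_nodes

  # if this directory is not present /dev will not be updated by udev
  mkdir -p /dev/.udev/db/
fi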
Here is the patch for /etc/init.d/udev:
--- udev.orig 2008-07-22 13:18:22.000000000 +1000
+++ udev 2008-07-22 13:34:51.000000000 +1000
@@ -8,34 +8,6 @@
# Short-Description: Start udevd, populate /dev and load drivers.
### END INIT INFO
-# we need to unmount /dev/pts/ and remount it later over the tmpfs
-unmount_devpts() {
- if mountpoint -q /dev/pts/; then
- umount -n -l /dev/pts/
- fi
-
- if mountpoint -q /dev/shm/; then
- umount -n -l /dev/shm/
- fi
-}
-
-# mount a tmpfs over /dev, if somebody did not already do it
-mount_tmpfs() {
- if grep -E -q "^[^[:space:]]+ /dev tmpfs" /proc/mounts; then
- return
- fi
-
- if ! mount -n -o size=$tmpfs_size,mode=0755 -t tmpfs tmpfs /dev; then
- log_failure_msg "udev requires tmpfs support, not started."
- log_end_msg 1
- fi
-
- # relabel the new tmpfs accordingly
- [ -x /sbin/restorecon ] && /sbin/restorecon /dev
-
- return 0
-}
-
create_dev_makedev() {
if [ -e /sbin/MAKEDEV ]; then
ln -sf /sbin/MAKEDEV /dev/MAKEDEV
@@ -44,28 +16,6 @@
fi
}
-# I hate this hack. -- Md
-make_extra_nodes() {
- if [ "$(echo /lib/udev/devices/*)" != "/lib/udev/devices/*" ]; then
- cp --archive --update /lib/udev/devices/* /dev/
- fi
-
- [ -e /etc/udev/links.conf ] || return 0
- grep '^[^#]' /etc/udev/links.conf | \
- while read type name arg1; do
- [ "$type" -a "$name" -a ! -e "/dev/$name" -a ! -L "/dev/$name" ] ||continue
- case "$type" in
- L) ln -s $arg1 /dev/$name ;;
- D) mkdir -p /dev/$name ;;
- M) mknod -m 600 /dev/$name $arg1 ;;
- *) log_warning_msg "links.conf: unparseable line ($type $name $arg1)" ;;
- esac
- if [ -x /sbin/restorecon ]; then
- /sbin/restorecon /dev/$name
- fi
- done
-}
-
supported_kernel() {
case "$(uname -r)" in
2.[012345].*|2.6.[0-9]|2.6.[0-9][!0-9]*) return 1 ;;
@@ -74,31 +24,6 @@
return 0
}
-# shell version of /usr/bin/tty
-my_tty() {
- [ -x /bin/readlink ] || return 0
- [ -e /proc/self/fd/0 ] || return 0
- readlink --silent /proc/self/fd/0 || true
-}
-
-warn_if_interactive() {
- if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
- return
- fi
-
- TTY=$(my_tty)
- if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
- return
- fi
-
- printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
- printf "has been run from an interactive shell.\n"
- printf "It will probably not do what you expect, so this script will wait\n"
- printf "60 seconds before continuing. Press ^C to stop it.\n"
- printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
- sleep 60
-}
-
##############################################################################
[ -x /sbin/udevd ] || exit 0
@@ -150,75 +75,6 @@
udev_root=${udev_root%/}
-if [ "$udev_root" != "/dev" ]; then
- log_warning_msg "udev_root != /dev/"
-
-case "$1" in
- start)
- if [ -e "$udev_root/.udev/" ]; then
- if mountpoint -q $udev_root/; then
- log_failure_msg "udev is already active on $udev_root."
- log_end_msg 1
- else
- log_warning_msg ".udev/ already exists on the static $udev_root!"
- fi
- fi
-
- echo > /sys/kernel/uevent_helper
-
- mount -n -o size=$tmpfs_size,mode=0755 -t tmpfs tmpfs $udev_root
- mkdir -p $udev_root/.udev/db/
-
- log_daemon_msg "Starting the hotplug events dispatcher" "udevd"
- if udevd --daemon; then
- log_end_msg $?
- else
- log_end_msg $?
- fi
-
- log_action_begin_msg "Synthesizing initial hotplug events"
- if udevadm trigger; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
-
- ;;
- stop)
- log_daemon_msg "Stopping the hotplug events dispatcher" "udevd"
- if start-stop-daemon --stop --name udevd --quiet --oknodo --retry 5; then
- log_end_msg $?
- else
- log_end_msg $?
- fi
-
- log_action_begin_msg "Unmounting $udev_root"
- # unmounting with -l should never fail
- if umount -n -l $udev_root; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
-
- reload|force-reload)
- udevadm control --reload_rules
- ;;
-
- *)
- echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload}"
- exit 1
- ;;
-esac
-
- exit 0
-fi # udev_root != /dev
-
##############################################################################
# When modifying this script, do not forget that between the time that the
@@ -227,34 +83,7 @@
case "$1" in
start)
- if [ -e "$udev_root/.udev/" ]; then
- if mountpoint -q $udev_root/; then
- TMPFS_MOUNTED=1
- else
- log_warning_msg ".udev/ already exists on the static $udev_root!"
- fi
- else
- warn_if_interactive
- fi
-
- echo > /sys/kernel/uevent_helper
-
- if [ -z "$TMPFS_MOUNTED" ]; then
- unmount_devpts
- mount_tmpfs
- [ -d /proc/1 ] || mount -n /proc
- else
- # set the SELinux context for devices created in the initramfs
- [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
- # and clean up the database of the initramfs udev
- rm -rf /dev/.udev/
- fi
-
- # /dev/null must be created before udevd is started
- make_extra_nodes
-
- # if this directory is not present /dev will not be updated by udev
- mkdir -p /dev/.udev/db/
+ /sbin/start_udev
log_daemon_msg "Starting the hotplug events dispatcher" "udevd"
if udevd --daemon; then
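Review bot: With `udev_root` set to something other than `/dev`, `/sbin/start_udev` already runs `udevd --daemon` and `udevadm trigger` itself, and the `start)` case then starts udevd a second time on the lines right after the call. The `@@ -150,75 +75,6 @@` hunk also drops the `stop`, `restart` and `reload` handling for that configuration, including `umount -n -l $udev_root`, and nothing in start_udev replaces it; whether the remaining `stop)` case covers it is not visible here. Keep the daemon start in one place only, and check the helper's result explicitly, e.g. `/sbin/start_udev || exit 1`, so that a failed tmpfs or device-node setup does not continue into starting udevd. The `case` block continues outside the hunk.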